
   comp.protocols.tcp-ip      TCP and IP network protocols.      14,669 messages   


   Message 12,707 of 14,669   
   Ralf to David Schwartz   
   Re: Capturing TCP SYN packets for a spec   
   06 Feb 09 05:55:41   
   
   From: rm@amitrader.com   
      
   David Schwartz wrote:   
    > On Feb 5, 8:26 pm, Ralf  wrote:   
    >>   
    >> I need to capture TCP connect packets (ie. SYN-Packets)   
    >> sent to a given local port, for example to port 1234.   
    >>   
    >> That small code needs to run on a normal host.   
    >> It should not disturb the normal traffic flow,   
    >> ie. without setting the interface(s) into promiscuous mode or so.
    >> Is this possible?   
    >   
    > Yes. Simply open a socket, bind it to that port, then call 'listen'.   
    > If you want to capture the SYN for special processing, you can use any   
    > of the various packet capture techniques.   
      
   Sorry, I'm new to packet capturing.   
   Can you please tell me which packet capture techniques there are?   
      
   What would I need to do between the 'listen' and 'accept'   
   to capture the initial SYN packet?   
   Do you maybe have some code handy?   
      
    >> Can I then, when such a packet gets captured, use normal   
    >> socket functions to accept the connection as usual?   
    >   
    > Yep. Just call 'accept'.   
    >   
    >> Or will the packet be removed from the device buffer when I capture it?   
    >> It should not remove it if possible.   
    >   
    > Some of the packet capture interfaces give you the opportunity to
    > remove or not remove the packet. Some don't let you remove it. Use the   
    > same mechanism 'tcpdump -p' uses.   
    >   
    >> I would prefer a solution without any external library if possible.   
    >   
    > Then you can implement the code yourself, but that makes life harder.   
      
   How would you do it?   
   Which library would you use?   
      
    >> BTW, is it possible to send a payload within a SYN packet?   
    >   
    > Not easily.   
      
   :-) But your answer indicates that it somehow still is possible.   
   I would like to learn how to do it.   
   A 6 bytes payload in the 1st SYN packet would be sufficient for me,   
   it can also be placed in some unused header fields if there are any such.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
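
Added example, not part of the original post: one way to observe incoming SYNs for a local port without an external library and without promiscuous mode, assuming Linux and its AF_PACKET socket type (needs CAP_NET_RAW). The function names, port 1234 and the 192.0.2.x sample addresses are constructed for illustration.

```python
import socket
import struct

ETH_P_IP = 0x0800
TCP_SYN, TCP_ACK = 0x02, 0x10

def syn_to_port(frame, port):
    """Return (src_ip, src_port) if frame is an Ethernet/IPv4 TCP SYN
    (SYN set, ACK clear) addressed to `port`, otherwise None."""
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != socket.IPPROTO_TCP:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                       # later fragment: no TCP header here
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    if dport != port or tcp[13] & (TCP_SYN | TCP_ACK) != TCP_SYN:
        return None
    return socket.inet_ntoa(ip[12:16]), sport

def build_sample(flags, dport=1234):
    """Constructed Ethernet+IPv4+TCP frame for offline checks (checksums zero)."""
    eth = bytes(12) + struct.pack("!H", ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp

def watch(port=1234):
    """Linux only. The socket receives a copy of each incoming IPv4 frame; the
    interface is not switched to promiscuous mode and the TCP stack still gets
    the SYN, so a normal listen()/accept() on the same port keeps working."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_IP))
    while True:
        frame, _ = s.recvfrom(65535)
        hit = syn_to_port(frame, port)
        if hit:
            print("SYN from %s:%d" % hit)

if __name__ == "__main__":
    watch()
```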



(c) 1994,  bbs@darkrealms.ca